Delivering web pages and data over HTTP connections exposes users to security risks. Because servers are usually not connected directly to each other, they must pass their requests and responses through a series of network routers. These routers, located in-between servers, have complete access to requests sent via HTTP connections. Since the data is transferred …
Web scraping is the process of data extraction from different websites. It is done by using a piece of code known as “scraper”. It includes sending a ‘GET’ type query and then HTML parsing of the received content. After parsing, the scraper searches for the specified data and convert it into the specified document. The …
Phishing is a social engineering attack which is an attempt to steal sensitive and personal user information with the ill intents of gaining illegal access or financial gains. The stolen information can be in the form of usernames, passwords, bank account details or credit card numbers. The attackers utilize this information in two ways: either …
Via token authentication features, users can implement access control via URL parameters or HTTP request headers without having to build complex back-end systems Take mlytics platform as an example, we will check these tokens at the Web Application Firewall (WAF) before any request is relayed to an origin. If the token is not valid the request is …
A man-in-the-middle attack is a method which an attacker places himself in between the two devices and intercepts or modifies the messages/communication. The attacker is also able of impersonating as either of two agents and can do unauthorized actions. The attack needs three participants: the victim, the entity/system under attack and the middleman who eavesdrops. …
The Cross-Site Scripting also known as XSS is a prevalent web security threat and one of the favorite method of attackers to steal your personal information. Cross-site scripting, which targets users, made up almost one-third of the total number of attacks. In XSS, the web hackers add a malicious piece of codes in your Server …
Cross-Site Request Forgery (CSRF), also known as Session Riding is a type of web threat that manipulates the web browser into performing an unwanted action on the application or website to which a user is currently logged in. A successful CSRF attack can lead to serious consequences e.g. loss of business reputation and customer confidence, …
The DDoS mitigation is a process of protecting the targeted network from the anticipated DDoS attack. A special purpose network equipment or an alternative cloud-based security measures are used for protecting the networks from attackers. Typically, a DDoS mitigation process consists of 4 steps: The detection of possible traffic flow anomalies that may indicate the …
WAF usually resides in front of web servers, by placing a filtration barrier between the targeted server and the attacker. the WAF is able to protect against attacks like cross-site forgery, cross-site scripting and SQL injection in real time. Learn more about mlytics Enhanced Security feature. Working model Positive Security Model – PSM or Whitelisting only allows web …
A web application firewall (WAF) is an application firewall for HTTP applications. It applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. While proxies generally protect clients, WAFs protect servers. A WAF is deployed to protect a specific web application or …
